Device manufacturers typically design devices to include various capabilities. Each of the capabilities associated with a device cause the device to perform a specific function, such as using a sensor on the device, providing an output, executing an application, executing a portion of an application, or the like.
Before providing the device to an end user, the manufacturer often will lock one or more of the capabilities on the device. Thus, the device may only be able to perform a limited number of the functions. In order to extend the capabilities of the device, the end user must then acquire access to one or more of the locked capabilities from the manufacturer. For instance, the user can use the device to purchase a locked capability from the manufacturer. The manufacturer can then cause the device to unlock the acquired capability. In response, the device can then perform the function that is associated with the acquired capability.
By only providing a limited number of the capabilities on the device when a user acquires the device, the manufacturer attempts to control what functions the device can perform. However, a user of the device with malicious intent may be able to unlock one or more of the locked capabilities on the device without acquiring the locked capabilities from the manufacturer. For instance, the user may copy an operating system (OS) image of a first device that has already unlocked one or more of the locked capabilities. The user can then use the OS image to unlock the one or more locked capabilities on a second device, which is a problem since the second device can utilize the one or more locked capabilities without acquiring the capabilities from the manufacturer.